ActualTests Security Plus Exam SY0101 Nov 2008 pdf
Exam: SY0-101
Title: Security+

Actualtests.com - The Power of Knowing

QUESTION 1

Which of the following is NOT a valid access control mechanism?

A. DAC (Discretionary Access Control) list.
B. SAC (Subjective Access Control) list.
C. MAC (Mandatory Access Control) list.
D. RBAC (Role Based Access Control) list.

Answer: B

Explanation:

There is no such thing as a SAC (Subjective Access Control) list.

QUESTION 2

Which of the following best describes an access control mechanism in which access control decisions are based on the responsibilities that an individual user or process has in an organization?

A. MAC (Mandatory Access Control)
B. RBAC (Role Based Access Control)
C. DAC (Discretionary Access Control)
D. None of the above.

Answer: B

Explanation:

The RBAC model allows a user to act in a certain predetermined manner based on the role the user holds in the organization. Users can be assigned certain roles system-wide.

Reference:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 12

QUESTION 3

Which of the following best describes an access control mechanism that allows the data owner to create and administer access control?

A. MACs (Mandatory Access Control)
B. RBACs (Role Based Access Control)
C. LBACs (List Based Access Control)
D. DACs (Discretionary Access Control)

Answer: D

Explanation:

The DAC model allows the owner of a resource to establish privileges to the information they own. The DAC model would allow a user to share a file or use a file that someone else has shared. The DAC model establishes an ACL that identifies the users who have authorization to that information. This allows the owner to grant or revoke access to individuals or groups of individuals based on the situation. This model is dynamic in nature and allows information to be shared easily between users.

Reference:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 12

QUESTION 4

Which of the following is an inherent flaw of DAC (Discretionary Access Control)?

A. DAC (Discretionary Access Control) relies only on the identity of the user or process, leaving room for a Trojan horse.

B. DAC (Discretionary Access Control) relies on certificates, allowing attackers to use those certificates.

C. DAC (Discretionary Access Control) does not rely on the identity of a user, allowing anyone to use an account.

D. DAC (Discretionary Access Control) has no known security flaws.

Answer: A

Explanation:

In a DAC model, network users have some flexibility regarding how information is accessed. This model allows users to dynamically share information with other users. The process allows a more flexible environment, but it increases the risk of unauthorized disclosure of information. Administrators will have a more difficult time ensuring that information access is controlled and that only appropriate access is given.

Reference:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 440

QUESTION 5

Which of the following access control methods provides the most granular access to protected objects?

A. Capabilities
B. Access control lists
C. Permission bits
D. Profiles

Answer: B

Explanation:

of access controls to be established in your network. The basic process of ACL control allows the administrator to design and adapt the network to deal with specific security threats.

Reference:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 235

QUESTION 6

You work as the security administrator at Certkiller.com. You set permissions on a file object in a network operating system which uses DAC (Discretionary Access Control). The ACL (Access Control List) of the file is as follows:

Owner: Read, Write, Execute
User A: Read, Write, -
User B: -, -, - (None)
Sales: Read, -, -
Marketing: -, Write, -
Other: Read, Write, -

User "A" is the owner of the file. User "B" is a member of the Sales group. What effective permissions does User "B" have on the file?

A. User B has no permissions on the file.
B. User B has read permissions on the file.

C. User B has read and write permissions on the file.

D. User B has read, write and execute permissions on the file.

Answer: A

Explanation:

The Owner is allowed to: Read, Write, Execute
User A is allowed to: Read, Write, -
Sales is allowed to: Read, -, -
Marketing is allowed to: -, Write, -
Others are allowed to: Read, Write, -

And User B is allowed to do nothing: -, -, - (None)
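As an added example (not from the exam dump), here is an effective-permission lookup for this ACL that applies the rule the answer relies on: an explicit user entry, even an empty one, wins over group entries, and the Other entry applies only when nothing else matches. Taking the union across several matching groups, and the helper names, are assumptions made for illustration.

```python
# Added example: effective DAC permissions for the Question 6 ACL.
# Resolution order assumed here: owner entry -> explicit user entry ->
# union of matching group entries -> "Other". An explicit empty user
# entry is a real decision ("None"), not a fall-through.
from dataclasses import dataclass

PERMS = ("read", "write", "execute")


@dataclass
class AclEntry:
    kind: str            # "owner", "user", "group" or "other"
    name: str            # principal name; "" for owner/other entries
    perms: frozenset     # subset of PERMS; empty means explicit "None"


def parse_triplet(text):
    """Turn a 'Read, Write, -' style triplet from the exam into a permission set."""
    granted = set()
    words = [w.strip() for w in text.split(",")]
    for slot, word in zip(PERMS, words):
        if word == "-":
            continue
        if word.lower() != slot:
            raise ValueError(f"unexpected token {word!r} in {slot} slot")
        granted.add(slot)
    return frozenset(granted)


# The ACL exactly as the question states it.
ACL = [
    AclEntry("owner", "", parse_triplet("Read, Write, Execute")),
    AclEntry("user", "A", parse_triplet("Read, Write, -")),
    AclEntry("user", "B", parse_triplet("-, -, -")),
    AclEntry("group", "Sales", parse_triplet("Read, -, -")),
    AclEntry("group", "Marketing", parse_triplet("-, Write, -")),
    AclEntry("other", "", parse_triplet("Read, Write, -")),
]
OWNER = "A"   # the question states that User A owns the file


def effective_permissions(user, groups, acl=ACL, owner=OWNER):
    """Return the frozenset of permissions `user` (member of `groups`) gets."""
    if user == owner:
        return next(e.perms for e in acl if e.kind == "owner")
    for e in acl:
        if e.kind == "user" and e.name == user:
            return e.perms                 # explicit entry wins, even if empty
    group_perms, matched = set(), False
    for e in acl:
        if e.kind == "group" and e.name in groups:
            matched = True
            group_perms |= e.perms         # assumption: union across groups
    if matched:
        return frozenset(group_perms)
    return next(e.perms for e in acl if e.kind == "other")


if __name__ == "__main__":
    # User B is in Sales, but the explicit "None" entry for B is what applies.
    print("User B:", sorted(effective_permissions("B", {"Sales"})))
```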

QUESTION 7

You work as the security administrator at Certkiller.com. Certkiller.com has a RBAC (Role Based Access Control) compliant system for which you are planning the security implementation. There are three types of resources including files, printers, and mailboxes and four distinct departments with distinct functions including Sales, Marketing, Management, and Production in the system. Each department needs access to different resources. Each user has a workstation. Which roles should you create to support the RBAC (Role Based Access Control) model?

A. file, printer, and mailbox roles

B. sales, marketing, management, and production roles
C. user and workstation roles

D. allow access and deny access roles

Explanation:

Each distinct department (sales, marketing, management, and production) has its own role in the company, which probably includes using the file server, print server, and mail server. So it would be wise to create roles for each department.

QUESTION 8

With regard to DAC (Discretionary Access Control), which of the following statements are true?

A. Files that don't have an owner CANNOT be modified.
B. The administrator of the system is an owner of each object.
C. The operating system is an owner of each object.

D. Each object has an owner, which has full control over the object.

Answer: D

Explanation:

The DAC model allows the owner of a resource to establish privileges to the information they own. The DAC model would allow a user to share a file or use a file that someone else has shared. The DAC model establishes an ACL that identifies the users who are authorized to access that information. This allows the owner to grant or revoke access to individuals or groups of individuals based on the situation. This model is dynamic in nature and allows information to be shared easily between users.

Reference:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 12

QUESTION 9

Which of the following are used to make access decisions in a MAC (Mandatory Access Control) environment?

A. Access control lists
B. Ownership
C. Group membership
D. Sensitivity labels

Answer: D

Explanation:

QUESTION 10

Which of the following access control methods allows access control decisions to be based on security labels associated with each data item and each user?

A. MACs (Mandatory Access Control)
B. RBACs (Role Based Access Control)
C. LBACs (List Based Access Control)
D. DACs (Discretionary Access Control)

Answer: A

Explanation:

The MAC model is a static model that uses a predefined set of access privileges to files on the system. The system administrator establishes these parameters and associates them with an account, files or resources. The MAC model can be very restrictive.

Reference:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 11

QUESTION 11

Which of the following access control methods relies on user security clearance and data classification?

A. RBAC (Role Based Access Control).

B. NDAC (Non-Discretionary Access Control).
C. MAC (Mandatory Access Control).

D. DAC (Discretionary Access Control).

Answer: C

Explanation:

Mandatory Access Control is a strict hierarchical model, first developed by governments, and it is based on classifying data by importance and categorizing data by department. Users receive specific security clearances to access this data. For instance, the most important piece of data would have the highest classification, where only the President of that department would have access, while the least important resources would be classified at the bottom, where everyone in the organization including the janitors could access it.

QUESTION 12

Which of the following is a characteristic of MAC (Mandatory Access Control)?

A. use levels of security to classify users and data

B. allow owners of documents to determine who has access to specific documents
C. use access control lists which specify a list of authorized users

Answer: A

Explanation:

Mandatory Access Control is a strict hierarchical model, first developed by governments, and it is based on classifying data by importance and categorizing data by department. Users receive specific security clearances to access this data. For instance, the most important piece of data would have the highest classification, where only the President of that department would have access, while the least important resources would be classified at the bottom, where everyone in the organization including the janitors could access it.

QUESTION 13

Which of the following terms represents a MAC (Mandatory Access Control) model?

A. Lattice

B. Bell La-Padula
C. BIBA

D. Clark and Wilson

Answer: A

Explanation:

The word lattice is used to describe the upper and lower bounds of a user's access permissions.

QUESTION 14

Identify the access control model that makes use of security labels connected to the objects?

A. You should make use of the Role Based Access Control (RBAC) model.
B. You should make use of the Mandatory Access Control (MAC) model.
C. You should make use of the Rule Based Access Control (RBAC) model.
D. You should make use of the Discretionary Access Control (DAC) model.

Answer: B

QUESTION 15

Which of the following is an example of a task-based control model?

Answer: C

QUESTION 16

Identify from the list below the access control models that makes use of subject and object labels?

A. You should identify Rule Based Access Control (RBAC)
B. You should identify Mandatory Access Control (MAC)
C. You should identify Discretionary Access Control (DAC)
D. You should identify Role Based Access Control (RBAC)

Answer: B

QUESTION 17

What is the access control model that explicitly assigns access rights to users?

A. Assigning access rights to a client is a Discretionary Access Control (DAC) characteristic.

B. Assigning access rights to a client is a Rule Based Access Control (RBAC) characteristic.

C. Assigning access rights to a client is a Mandatory Access Control (MAC) characteristic.

D. Assigning access rights to a client is a Role Based Access Control (RBAC) characteristic.

Answer: A

QUESTION 18

Identify the access decisions based on a Mandatory Access Control (MAC) environment?

A. Sensitivity labels are based on a Mandatory Access Control (MAC) environment.
B. Access control lists are based on a Mandatory Access Control (MAC) environment.
C. Group membership is based on a Mandatory Access Control (MAC) environment.
D. Ownership is based on a Mandatory Access Control (MAC) environment.

Answer: A

QUESTION 19

What access control model is a Windows file server an example of?

Answer: A

QUESTION 20

Which servers should be located on a private network?

A. You should place a File and print server on the private network.

B. You should place a Remote Access Server (RAS) on the private network.
C. You should place an E-mail server on the private network.

D. You should place a Web server on the private network.

Answer: A

QUESTION 21

What model assigns sensitivity labels to users and their data?

A. You should identify the Discretionary Access Control (DAC) access control model.
B. You should identify the Role Based Access Control (RBAC) access control model.
C. You should identify the Mandatory Access Control (MAC) access control model.
D. You should identify the Rule Based Access Control (RBAC) access control model.

Answer: C

QUESTION 22

The Certkiller.com network consists of various departments that make use of an access control model. The finance department only requires access to the personal data of staff and the marketing department only needs access to the production data. Which access control model is MOST suitable?

A. The Discretionary Access Control (DAC) access control model would be most suitable.

B. The Rule Based Access Control (RBAC) access control model would be most suitable.
C. The Role Based Access Control (RBAC) access control model would be most suitable.
D. The Mandatory Access Control (MAC) access control model would be most suitable.

Answer: C

QUESTION 23

Which access controls are based on security labels assigned to every data item and every user?

Answer: A

QUESTION 24

Determine the access control model where users are assigned access rights based on their function within the organization?

A. This is a feature of Discretionary Access Control (DAC).
B. This is a feature of Rule Based Access Control (RBAC).
C. This is a feature of Role Based Access Control (RBAC).
D. This is a feature of Mandatory Access Control (MAC).

Answer: C

QUESTION 25

Which of the following password generators is based on challenge-response mechanisms?

A. asynchronous
B. synchronous
C. cryptographic keys
D. smart cards

Answer: A

Explanation:

An asynchronous password generator has an authentication server that generates a challenge (a large number or string), which is encrypted with the private key of the token device; the server holds that token device's public key so it can verify the authenticity of the request (which is independent of the time factor). That challenge can also include a hash of the transmitted data, so not only is the authentication assured but also the data integrity.

QUESTION 26

Which of the following password management systems is designed to provide availability for a large number of users?

A. self service password resets
B. locally saved passwords
C. multiple access methods
D. synchronized passwords

Answer: A

Explanation:

A self service password reset is a system where if an individual user forgets their

prompt, then receiving a new temporary password on a pre-specified email address) without having to call the help desk. For a system with many users, this will significantly reduce the help desk call volume.

QUESTION 27

Which of the following provides the best protection against an intercepted password?

A. VPN (Virtual Private Network).

B. PPTP (Point-to-Point Tunneling Protocol).
C. One time password.

D. Complex password requirement.

Answer: C

Explanation:

A one time password is simply a password that has to be changed every time you log on, effectively making any intercepted password good for only the brief interval of time before the legitimate user happens to log in themselves. So by chance, if someone were to intercept a password it would probably already be expired, or be on the verge of expiration within a matter of hours.

QUESTION 28

Which of the following best describes a challenge-response session?

A. A workstation or system that generates a random challenge string that the user enters when prompted along with the proper PIN (Personal Identification Number).

B. A workstation or system that generates a random login ID that the user enters when prompted along with the proper PIN (Personal Identification Number).

C. A special hardware device that is used to generate random text in a cryptography system.

D. The authentication mechanism in the workstation or system does not determine if the owner should be authenticated.

Answer: A

Explanation:

A common authentication technique whereby an individual is prompted (the challenge) to provide some private information (the response). Most security systems that rely on smart cards are based on challenge-response. A user is given a code (the challenge) which he or she enters into the smart card. The smart card then displays a new code (the response) that the user can present to log in.

Reference:

QUESTION 29

Which of the following must be deployed for Kerberos to function correctly?

A. Dynamic IP (Internet Protocol) routing protocols for routers and servers.
B. Separate network segments for the realms.

C. Token authentication devices.

D. Time synchronization services for clients and servers.

Answer: D

Time synchronization is crucial because Kerberos uses server and workstation time as part of the authentication process.

QUESTION 30

Why are clocks used in a Kerberos authentication system?

A. To ensure proper connections.
B. To ensure tickets expire correctly.
C. To generate the seed value for the encryption keys.
D. To benchmark and set the optimal encryption algorithm.

Answer: B

Explanation:

The actual verification of a client's identity is done by validating an authenticator. The authenticator contains the client's identity and a timestamp.

To ensure that the authenticator is up-to-date and is not an old one that has been captured by an attacker, the timestamp in the authenticator is checked against the current time. If the timestamp is not close enough to the current time (typically within five minutes) then the authenticator is rejected as invalid. Thus, Kerberos requires your system clocks to be loosely synchronized (the default is 5 minutes, but it can be adjusted in Version 5 to be whatever you want).

Reference:

http://www.faqs.org/faqs/kerberos-faq/general/section-22.html
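As an added example (not part of the exam dump), here is the authenticator freshness check this explanation describes, paired with the replay cache that makes a captured authenticator useless even inside the skew window. The class and cache layout are assumptions for illustration; the principal names are constructed.

```python
# Added example: Kerberos-style authenticator validation.
# A service accepts an authenticator only if (1) its timestamp is within the
# allowed clock skew of the service's clock and (2) the same (client, timestamp)
# pair has not already been accepted, which is what defeats a replayed capture.
from dataclasses import dataclass

MAX_SKEW_SECONDS = 300   # the 5-minute default the explanation mentions


@dataclass(frozen=True)
class Authenticator:
    client: str        # client principal, e.g. "alice@EXAMPLE.COM" (constructed)
    timestamp: int     # client's clock when it built the authenticator (epoch seconds)


class AuthenticatorVerifier:
    """Checks authenticators the way a Kerberos service or KDC does."""

    def __init__(self, max_skew=MAX_SKEW_SECONDS):
        self.max_skew = max_skew
        self._seen = set()   # replay cache of accepted (client, timestamp) pairs

    def _expire(self, now):
        # Anything older than the skew window fails the time check anyway,
        # so it may leave the replay cache; this keeps the cache bounded.
        self._seen = {k for k in self._seen if now - k[1] <= self.max_skew}

    def verify(self, auth, now):
        """Return (accepted, reason) for an authenticator received at time `now`."""
        self._expire(now)
        if abs(now - auth.timestamp) > self.max_skew:
            return False, "clock skew too great"
        key = (auth.client, auth.timestamp)
        if key in self._seen:
            return False, "replay detected"
        self._seen.add(key)
        return True, "ok"


if __name__ == "__main__":
    v = AuthenticatorVerifier()
    a = Authenticator("alice@EXAMPLE.COM", 1_000_000)
    print(v.verify(a, 1_000_120))   # fresh: accepted
    print(v.verify(a, 1_000_130))   # same authenticator again: replay
```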

QUESTION 31

Which of the following factors must be considered when implementing Kerberos authentication?

A. Kerberos can be susceptible to man in the middle attacks to gain unauthorized access.
B. Kerberos tickets can be spoofed using replay attacks to network resources.
C. Kerberos requires a centrally managed database of all user and resource passwords.
D. Kerberos uses clear text passwords.

Answer: C

If the key distribution centre is down, all other systems dependent on those keys won't be able to function.

QUESTION 32

You work as the security administrator at Certkiller.com. You want to ensure that only encrypted passwords are used during authentication. Which authentication protocol should you use?

A. PPTP (Point-to-Point Tunneling Protocol)
B. SMTP (Simple Mail Transfer Protocol)
C. Kerberos

D. CHAP (Challenge Handshake Authentication Protocol)

Answer: D

Explanation:

CHAP is commonly used to encrypt passwords. It provides for on-demand authentication within an ongoing data transmission, which is repeated at random intervals during a session. The challenge response uses a hashing function derived from the Message Digest 5 (MD5) algorithm.
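As an added example (not from the exam dump), here is the CHAP exchange this explanation describes, written from RFC 1994: the peer answers with MD5(identifier || secret || challenge), so the secret itself never crosses the link, and the authenticator can issue a fresh challenge at any time during the session, which is the behaviour asked about in Question 34. The class names and the shared secret are constructed.

```python
# Added example: a CHAP (RFC 1994) challenge/response exchange, both sides.
# Response Value = MD5(Identifier || Secret || Challenge Value). Every challenge
# carries a fresh one-octet identifier and an unpredictable value, so a response
# captured from the wire cannot be replayed against a later challenge.
import hashlib
import hmac
import os
from typing import List, Tuple


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side: compute the Response Value for one Challenge packet."""
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Authenticator side: holds the secret, issues challenges, checks responses."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._identifier = 0
        self._outstanding = {}    # identifier -> challenge value not yet answered

    def challenge(self, length: int = 16) -> Tuple[int, bytes]:
        # May be called at link establishment and again at any later point.
        self._identifier = (self._identifier + 1) & 0xFF
        value = os.urandom(length)
        self._outstanding[self._identifier] = value
        return self._identifier, value

    def verify(self, identifier: int, response: bytes) -> bool:
        challenge = self._outstanding.pop(identifier, None)
        if challenge is None:
            return False              # unknown identifier, or already answered
        expected = chap_response(identifier, self._secret, challenge)
        return hmac.compare_digest(expected, response)


def run_session(secret: bytes, rechallenges: int = 2) -> List[bool]:
    """Link establishment followed by `rechallenges` periodic re-authentications."""
    auth = ChapAuthenticator(secret)
    results = []
    for _ in range(1 + rechallenges):
        ident, chal = auth.challenge()
        results.append(auth.verify(ident, chap_response(ident, secret, chal)))
    return results


if __name__ == "__main__":
    print(run_session(b"constructed-shared-secret"))   # [True, True, True]
```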

QUESTION 33

Which of the following are the main components of a Kerberos server?

A. Authentication server, security database and privilege server.

B. SAM (Sequential Access Method), security database and authentication server.
C. Application database, security database and system manager.

D. Authentication server, security database and system manager.

Answer: A

QUESTION 34

When does CHAP (Challenge Handshake Authentication Protocol) perform the handshake process?

A. When establishing a connection and at any time after the connection is established.
B. Only when establishing a connection and disconnecting.
C. Only when establishing a connection.
D. Only when disconnecting.

Answer: A

Explanation:

QUESTION 35

For which of the following can biometrics be used?

A. Accountability
B. Certification
C. Authorization
D. Authentication

Answer: D

Explanation:

Biometric devices use physical characteristics to identify the user.

Reference:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 18

QUESTION 36

Which of the following is the most costly method of an authentication?

A. Passwords
B. Tokens
C. Biometrics
D. Shared secrets

Answer: C

Explanation:

Biometrics

These technologies are becoming more reliable, and they will become widely used over the next few years. Many companies use smart cards as their primary method of access control. Implementations have been limited in many applications because of the high cost associated with these technologies.

Reference:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 265

QUESTION 37

Which of the following provides the strongest form of authentication?

A. token

B. username and password
C. biometrics

D. one time password

Explanation:

Biometrics authenticates a user by scanning one of their unique physiological body parts. Just like in the movies, a user places their hand on a fingerprint scanner or they put their eyes against a retinal scanner. If the image matches what's in the database, it authenticates the user. Since a person's fingerprint, blood vessel print, or retinal image is unique, the only way the system can authenticate is if the proper user is there. The only way for an unauthorized user to get access is to physically kidnap the authorized user and force them through the system. For this reason, biometrics is the strongest (and the costliest) form of authentication.

QUESTION 38

Identify the different types of certificate-based authentication? (Choose TWO)

A. Many-to-one mapping is a type of certificate-based authentication.
B. One-to-one mapping is a type of certificate-based authentication.
C. One-to-many mapping is a type of certificate-based authentication.
D. Many-to-many mapping is a type of certificate-based authentication.

Answer: A, B

QUESTION 39

Which services is provided by message authentication codes?

A. You make use of message authentication codes to provide the Key recovery service.
B. You make use of message authentication codes to provide the Fault recovery service.
C. You make use of message authentication codes to provide the Acknowledgement service.

D. You make use of message authentication codes to provide the Integrity service.

Answer: D

QUESTION 40

When an attacker captures part of a communication and later sends the communication segment to the server whilst pretending to be the user, it is known as a:

A. It is known as the TCP/IP hijacking attack.
B. It is known as the Man in the middle attack.
C. It is known as the Replay attack.

D. It is known as the Back door attack.

Answer: C

QUESTION 41

A. The tickets are digitally signed.
B. The tickets are used as a token.
C. The tickets are encrypted.
D. The tickets are time stamped.

Answer: D

QUESTION 42

Identify the authentication system where a unique username and password is used to access multiple systems within a company?

A. Challenge Handshake Authentication Protocol (CHAP) is used to access multiple systems within a company.

B. Single Sign-on is used to access multiple systems within a company.
C. Kerberos is used to access multiple systems within a company.

D. Mandatory Access Control (MAC) is used to access multiple systems within a company.

Answer: B

QUESTION 43

Identify the method that should be used to ensure that the user is able to authenticate to the server and the server to the user?

A. You should make use of the Mutual authentication method.
B. You should make use of the Biometric authentication method.
C. You should make use of the Username/password authentication method.
D. You should make use of the Multifactor authentication method.

Answer: A

QUESTION 44

Identify the process where users can access numerous resources without needing multiple credentials?

A. The authentication process is known as need to know.

B. The authentication process is known as decentralized management.

C. The authentication process is known as Discretionary Access Control (DAC).
D. The authentication process is known as single sign-on.

Answer: D

QUESTION 45

Determine the two-factor authentication for an information system?

B. You should identify Photo ID and PIN.
C. You should identify Retina scan and mantrap.
D. You should identify Username and password.

Answer: A

QUESTION 46

What is based upon an authentication server that allocates tickets to users?

A. You should make use of the Kerberos authentication method.

B. You should make use of the Challenge Handshake Authentication Protocol (CHAP) authentication method.

C. You should make use of the Username/password authentication method.
D. You should make use of the Multifactor authentication method.

Answer: A

QUESTION 47

Which authentication will provide a username, a password and undergo a thumb print scan to access a workstation?

A. The Biometric authentication best illustrates this scenario.
B. The Kerberos authentication best illustrates this scenario.
C. The Mutual authentication best illustrates this scenario.
D. The Multifactor authentication best illustrates this scenario.

Answer: D

QUESTION 48

Determine the authentication mechanisms that use key fob based identification systems? (Choose TWO)

A. Kerberos uses key fob based identification systems.
B. Token uses key fob based identification systems.
C. Biometrics uses key fob based identification systems.
D. Username/password uses key fob based identification systems.
E. Certificates use key fob based identification systems.

Answer: B, D

QUESTION 49

You deploy a biometric authentication system in the Certkiller.com environment. Identify the tool that is reliable with the lowest cross over problem rate?

C. You should identify the retina scanner.
D. You should identify the facial scanner.

Answer: C

QUESTION 50

Certkiller.com deploys Kerberos authentication on the network. What does Kerberos need to function properly? (Choose TWO)

A. Kerberos requires a Key Distribution Center.
B. Kerberos requires POP-3.
C. Kerberos requires extranets.
D. Kerberos requires accurate network time.
E. Kerberos requires SSL/TLS.

Answer: A, D

QUESTION 51

What authentication model uses a smart card and a User ID/Password for accessing network resources?

A. You should identify the Biometric authentication model.
B. You should identify the Multifactor authentication model.
C. You should identify the Mutual authentication model.
D. You should identify the Tokens authentication model.

Answer: B

QUESTION 52

Which of the following represents the best method for securing a web browser?

A. Do not upgrade, as new versions tend to have more security flaws.
B. Disable any unused features of the web browser.
C. Connect to the Internet using only a VPN (Virtual Private Network) connection.
D. Implement a filtering policy for illegal, unknown and undesirable sites.

Answer: B

Explanation:

Features that make web surfing more exciting, like ActiveX, Java, JavaScript, CGI scripts, and cookies, all pose security concerns. Disabling them (which is as easy as setting your browser security level to High) is the best method of securing a web browser, since it's simple, secure, and within every user's reach.

QUESTION 53

vulnerable to being scanned, exploited, or attacked?

A. 32
B. 1,024
C. 65,535
D. 16,777,216

Answer: C

QUESTION 54

Which of the following ports does a DNS (Domain Name Service) server require?

A. 21
B. 23
C. 53
D. 55

Answer: C

QUESTION 55

Why are non-essential services appealing to attackers? (Choose TWO)

A. Non-essential services are often appealing to attackers since less bandwidth is used.
B. Non-essential services are often appealing to attackers since the surface area for the attack is reduced.

C. Non-essential services are often appealing to attackers since root level access is offered.

D. Non-essential services are often appealing to attackers since attacks are maintained that go unnoticed.

E. Non-essential services are often appealing to attackers since it's not typically configured correctly or secured.

F. Non-essential services are often appealing to attackers since it's not visible to IDS.

Answer: D, E

QUESTION 56

Which port is used by Kerberos by default?

A. Kerberos makes use of port 139.
B. Kerberos makes use of port 443.
C. Kerberos makes use of port 23.
D. Kerberos makes use of port 88.

QUESTION 57

You run Nmap against a server on the Certkiller.com network. You discover more open ports than you anticipated. What should you do?

A. Your first step should be to close all the ports and to monitor it to see if a process tries to reopen the port.

B. Your first step should be to examine the process using the ports.

C. Your first step should be to leave the ports open and to monitor the traffic for malicious activity.

D. Your first step should be to run Nmap again and to monitor it to see if different results are obtained.

Answer: B

QUESTION 58

Identify the port that permits a user to login remotely on a computer?

A. Port 3389.
B. Port 8080.
C. Port 143.
D. Port 23.

Answer: A

QUESTION 59

Identify the ports utilized by e-mail users? (Choose TWO)

A. You should identify port 23.
B. You should identify port 334.
C. You should identify port 3389.
D. You should identify port 110.
E. You should identify port 143.

Answer: D, E

QUESTION 60

Which of the following occurs when a string of data is sent to a buffer that is larger than the buffer was designed to handle?

A. Brute Force attack
B. Buffer overflow
C. Man in the middle attack
D. Blue Screen of Death
E. SYN flood

Answer: B

Explanation:

Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system.

Reference:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135

QUESTION 61

Which of the following attacks exploits the session initiation between the Transport Control Program (TCP) client and server in a network?

A. Buffer Overflow

SYN flood is a DoS attack in which the hacker sends a barrage of SYN packets. The receiving station tries to respond to each SYN request for a connection, thereby tying up all the resources. All incoming connections are rejected until all current connections can be established. Change this if you want, but in the SYN flood the hacker sends a SYN packet to the receiving station with a spoofed return address of some broadcast address on their network. The receiving station sends out these SYN packets (pings the broadcast address), which causes multiple servers or stations to respond to the ping, thus overloading the originator of the ping (the receiving station). Therefore, the hacker may send only 1 SYN packet, whereas the network of the attacked station is actually what does the barrage of return packets and overloads the receiving station.

Reference:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 530

QUESTION 62

Which of the following attacks uses ICMP (Internet Control Message Protocol) and improperly formatted MTUs (Maximum Transmission Unit) to crash a target computer?

A. Man in the middle attack

B. Smurf attack

C. Ping of death attack

Answer: C

Explanation: The Ping of Death attack involved sending IP packets of a size greater than 65,535 bytes to the target computer. IP packets of this size are illegal, but applications can be built that are capable of creating them. Carefully programmed operating systems could detect and safely handle illegal IP packets, but some failed to do this.

Note: Packets bigger than the MTU (the maximum size the underlying layer can handle) are fragmented into smaller packets, which are then reassembled by the receiver. For Ethernet-style devices, the MTU is typically 1500.

Incorrect Answers

A: A man in the middle attack allows a third party to intercept and replace components of the data stream.

B: The "smurf" attack, named after its exploit program, is one of the most recent in the category of network-level attacks against hosts. A perpetrator sends a large amount of ICMP echo (ping) traffic at IP broadcast addresses, all of it having a spoofed source address of a victim.

D: In a TCP SYN attack a sender transmits a volume of connections that cannot be completed. This causes the connection queues to fill up, thereby denying service to legitimate TCP users.

QUESTION 63

Which of the following determines which operating system is installed on a system by analyzing its response to certain network traffic?

A. OS (Operating System) scanning.

B. Reverse engineering.

C. Fingerprinting.

D. Host hijacking.

Answer: C

Explanation:

Fingerprinting is the act of inspecting information returned from a server. One method is ICMP message quoting: every ICMP error message quotes back part of the original message, and each operating system quotes a definite amount of that message in its ICMP error messages. The peculiarities in the error messages received from various types of operating systems help in identifying the remote host's OS.

QUESTION 64

Malicious port scanning determines the _______.

A. computer name

D. user ID and passwords

Answer: B

Explanation:

Malicious port scanning is an attempt to find an unused port that the system won't acknowledge. Several programs now can use port scanning for advanced host detection and operating system fingerprinting. With knowledge of the operating system, the hacker can look up known vulnerabilities and exploits for that particular system.

QUESTION 65

Which of the following fingerprinting techniques exploits the fact that operating systems differ in the amount of information that is quoted when ICMP (Internet Control Message Protocol) errors are encountered?

A. TCP (Transmission Control Protocol) options.

B. ICMP (Internet Control Message Protocol) error message quenching.

C. Fragmentation handling.

D. ICMP (Internet Control Message Protocol) message quoting.

Answer: D

ICMP message quoting: every ICMP error message quotes back part of the original message. Each operating system quotes a definite amount of that message in its ICMP error messages. The peculiarities in the error messages received from various types of operating systems help in identifying the remote host's OS.

QUESTION 66

Which of the following type of attacks exploits poor programming techniques and lack of code review?

A. CGI (Common Gateway Interface) script

B. Birthday

C. Buffer overflow

D. Dictionary

Answer: C

Explanation:

Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system. This exploitation is usually a result of a programming error in the development of the software.

Reference:


QUESTION 67

Which of the following network attacks misuses TCP's (Transmission Control Protocol) three way handshake to overload servers and deny access to legitimate users?

A. Man in the middle.

B. Smurf

C. Teardrop

D. SYN (Synchronize)

Answer: D

Explanation:

SYN flood is a DoS attack in which the hacker sends a barrage of SYN packets. The receiving station tries to respond to each SYN request for a connection, thereby tying up all the resources. All incoming connections are rejected until all current connections can be established.

Reference:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 530

QUESTION 68

Which of the following is most common method of accomplishing DDoS (Distributed Denial of Service) attacks?

A. Internal host computers simultaneously failing.

B. Overwhelming and shutting down multiple services on a server.

C. Multiple servers or routers monopolizing and overwhelming the bandwidth of a particular server or router.

D. An individual e-mail address list being used to distribute a virus.

Answer: C

Explanation:

A distributed denial of service attack takes place from within, and is usually the doing of a disgruntled worker. They set up zombie software that takes over numerous servers and routers within the network to overwhelm the system's bandwidth.

A and B are incorrect because a DDoS doesn't fail or shut down the servers, it merely compromises them.

QUESTION 69

Which of the following is a DoS (Denial of Service) attack that exploits TCP's (Transmission Control Protocol) three-way handshake for new connections?

B. ping of death attack.

C. land attack.

D. buffer overflow attack.

Answer: A

Explanation:

The SYN flood attack works when a source system floods an end system with TCP SYN requests, but intentionally does not send out acknowledgements (ACK). Since TCP needs confirmation, the receiving computer is stuck with half-open TCP sessions, waiting for an acknowledgement so it can reset the port. Meanwhile the connection buffer is being overflowed, making it difficult or impossible for valid users to connect; therefore their service is denied.

QUESTION 70

Which of the following is a DoS exploit that sends more traffic to a node than anticipated?

A. Ping of death

B. Buffer Overflow

C. Logic Bomb

D. Smurf

Answer: B

Explanation:

Buffer overflows occur when an application receives more data than it is programmed to accept. This situation can cause an application to terminate. The termination may leave the system sending the data with temporary access to privileged levels in the attacked system.

Reference:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 135

QUESTION 71

Which of the following is a security breach that does not usually result in the theft of information or other security loss but the lack of legitimate use of that system?

A. CRL

B. DoS

C. ACL

D. MD2

Answer: B


DOS attacks prevent access to resources by users authorized to use those resources. An attacker may attempt to bring down an e-commerce website to prevent or deny usage by legitimate customers.

Reference:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 53

QUESTION 72

Loki, NetCaZ, Masters Paradise and NetBus are examples of what type of attack?

A. brute force

B. spoofing

C. back door

D. man in the middle

Answer: C

Explanation:

Since back doors are publicly marketed/distributed software applications, they are characterized by having a trade name.

QUESTION 73

What is usually the goal of TCP (transmission Control Protocol) session hijacking?

A. Taking over a legitimate TCP (transmission Control Protocol) connection.

B. Predicting the TCP (transmission Control Protocol) sequence number.

C. Identifying the TCP (transmission Control Protocol) port for future exploitation.

D. Identifying source addresses for malicious use.

Answer: A

Explanation:

The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered in a way that intercepts legitimate packets and allows a third party host to insert acceptable packets, thus hijacking the conversation, continuing it under the disguise of the legitimate party, and taking advantage of the trust bond.

QUESTION 74

Which of the following best describes TCP/IP (Transmission Control Protocol/Internet Protocol) session hijacking?

A. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state is altered in a way that intercepts legitimate packets and allows a third party host to insert acceptable packets.


C. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state remains unaltered allowing third party hosts to insert packets acting as the server.

D. The TCP/IP (Transmission Control Protocol/Internet Protocol) session state remains unaltered allowing third party hosts to insert packets acting as the client.

Answer: A

Explanation:

A detailed site on how a TCP/IP session is hijacked can be found at: http://staff.washington.edu/dittrich/talks/qsm-sec/script.html

QUESTION 75

What characteristic of TCP/IP (transmission Control Protocol/Internet Protocol) does TCP/IP (transmission Control Protocol/Internet Protocol) session hijacking exploit?

A. The fact that TCP/IP (transmission Control Protocol/Internet Protocol) has no authentication mechanism, thus allowing a clear text password of 16 bytes

B. The fact that TCP/IP (transmission Control Protocol/Internet Protocol) allows packets to be tunneled to an alternate network

C. The fact that TCP/IP (transmission Control Protocol/Internet Protocol) has no authentication mechanism, and therefore allows connectionless packets from anyone

D. The fact that TCP/IP (transmission Control Protocol/Internet Protocol) allows a packet to be spoofed and inserted into a stream, thereby enabling commands to be executed on the remote host

Answer: D

Explanation:

TCP/IP's connection-oriented nature, and its lack of built-in security, makes it easy to hijack a session by spoofing.

QUESTION 76

Which of the following attacks can be mitigated against by implementing the following ingress/egress traffic filtering?

* Any packet coming into the network must not have a source address of the internal network.

* Any packet coming into the network must have a destination address from the internal network.

* Any packet leaving the network must have a source address from the internal network.

* Any packet leaving the network must not have a destination address from the internal networks.

A. SYN (Synchronize) flooding

B. spoofing

C. DoS (Denial of Service) attacks D. dictionary attacks

Answer: B

Explanation:

By having strict addressing filters, an administrator prevents a spoofed address from gaining access.
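The four filtering rules from Question 76, applied to sample packets, as an added example (this is not code from the exam dump or from the referenced study guide). The internal prefix 10.0.0.0/8, the Packet record and the sample traffic are assumptions constructed for the illustration; the point is that each rule catches one distinct spoofing case, inbound or outbound.

```python
"""Ingress/egress anti-spoofing filter implementing the four rules of Question 76.

Added example, not part of the original exam dump. The internal address
space, the Packet structure and the sample packets are assumptions.
"""
import ipaddress
from typing import NamedTuple

# Assumed internal address space for this example.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")


class Packet(NamedTuple):
    direction: str  # "in" = arriving from outside, "out" = leaving the network
    src: str
    dst: str


def is_internal(addr: str) -> bool:
    return ipaddress.ip_address(addr) in INTERNAL_NET


def filter_packet(pkt: Packet) -> tuple[bool, str]:
    """Return (allowed, reason) for one packet, checking the rule that applies to its direction."""
    src_int, dst_int = is_internal(pkt.src), is_internal(pkt.dst)
    if pkt.direction == "in":
        # Rule 1: a packet coming in must not claim an internal source address.
        if src_int:
            return False, "ingress: spoofed internal source address"
        # Rule 2: a packet coming in must be destined for the internal network.
        if not dst_int:
            return False, "ingress: destination is not internal (transit attempt)"
        return True, "ingress: ok"
    if pkt.direction == "out":
        # Rule 3: a packet leaving must carry an internal source address.
        if not src_int:
            return False, "egress: source is not internal (outbound spoofing)"
        # Rule 4: a packet leaving must not be destined for the internal network.
        if dst_int:
            return False, "egress: internal destination should not leave the network"
        return True, "egress: ok"
    raise ValueError(f"unknown direction {pkt.direction!r}")


# Constructed sample traffic: one packet per rule plus one legitimate packet per direction.
SAMPLE_PACKETS = [
    Packet("in", "203.0.113.7", "10.1.20.1"),     # legitimate inbound
    Packet("in", "10.1.20.5", "10.1.20.1"),       # inbound with spoofed internal source (rule 1)
    Packet("in", "203.0.113.7", "198.51.100.9"),  # inbound with foreign destination (rule 2)
    Packet("out", "10.1.20.1", "203.0.113.7"),    # legitimate outbound
    Packet("out", "192.0.2.44", "203.0.113.7"),   # outbound with non-internal source (rule 3)
    Packet("out", "10.1.20.1", "10.1.30.2"),      # outbound to an internal address (rule 4)
]


def apply_filter(packets=SAMPLE_PACKETS) -> list[tuple[Packet, bool, str]]:
    """Run every packet through the filter and return (packet, allowed, reason) rows."""
    return [(p, *filter_packet(p)) for p in packets]


if __name__ == "__main__":
    for pkt, allowed, reason in apply_filter():
        verdict = "PASS" if allowed else "DROP"
        print(f"{verdict} {pkt.direction:>3} {pkt.src:>14} -> {pkt.dst:<14} {reason}")
```

Rules 1 and 3 are the ones that stop address spoofing in the sense of the question; rules 2 and 4 additionally stop the network from being used as a relay, which is why the filter is written per direction rather than as a single address test.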

QUESTION 77

In which of the following attacks does the attacker pretend to be a legitimate user?

A. Aliasing

B. Spoofing

C. Flooding

D. Redirecting

Answer: B

Explanation:

A spoofing attack is simply an attempt by someone or something to masquerade as someone else. This type of attack is usually considered an access attack.

Reference:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 56

QUESTION 78

Which of the attacks can involve the misdirection of the domain name resolution and Internet traffic?

A. DoS (Denial of Service)

B. Spoofing

C. Brute force attack

D. Reverse DNS (Domain Name Service)

Answer: B

Explanation:

A spoofing attack is simply an attempt by someone or something masquerading as someone else.

Reference:


QUESTION 79

In an IP (Internet Protocol) spoofing attack, what field of an IP (Internet Protocol) packet does the attacker manipulate?

A. The version field.

B. The source address field.

C. The source port field.

D. The destination address field.

Answer: B

Explanation:

In IP Spoofing a hacker tries to gain access to a network by pretending his or her machine has the same network address as the internal network.

Reference:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 515

QUESTION 80

You are the network administrator at Certkiller .com. You discover that your domain name server is resolving the domain name to the wrong IP (Internet Protocol) address and thus misdirecting Internet traffic. You suspect a malicious attack. Which of the following would you suspect?

A. DoS (Denial of Service)

B. Spoofing

C. brute force attack

D. reverse DNS (Domain Name Service)

Answer: B

Explanation:

Spoofing is when you forge the source address of traffic so that it appears to come from somewhere else, preferably somewhere safe and trustworthy. Web spoofing is a process where someone creates a convincing copy of a legitimate website or a portion of the World Wide Web, so that when someone enters a site that they think is safe, they end up communicating directly with the hacker. To avoid this you should rely on certificates and IPsec, and set up a filter to block Internet traffic that carries an internal network address.

QUESTION 81

What is the process of forging an IP (Internet Protocol) address to impersonate another machine called?

C. man in the middle

D. replay

Answer: B

Explanation:

The word spoofing was popularized in the air force. When a fighter jet notices an enemy missile (air-to-air or surface-to-air) coming, the pilot will fire off a flare or chaff (depending on whether the missile is heat seeking or radar guided) to spoof (trick) the missile into going after the wrong target. IP spoofing works the same way, and is commonly used by computer hackers because it's easy to implement, it takes advantage of someone else's trust relationship, it makes it harder to identify the source of the true attack, and it focuses attention away onto an innocent third party.

QUESTION 82

You are the security administrator at Certkiller .com. You detect intruders accessing your internal network. The source IP (Internet Protocol) addresses originate from trusted networks. What type of attack are you experiencing?

A. social engineering

B. TCP/IP (Transmission Control Protocol/Internet Protocol) hijacking

C. smurfing

D. spoofing

Answer: D

Explanation:

Spoofing is the process of trying to deceive, or to spoof, someone into believing that a source address is coming from somewhere else.

Incorrect answers:

A: Social engineering deals with the human aspect of gaining access and passwords.

B: TCP/IP hijacking requires an existing session.

C: Smurfing is a genuine kind of DoS attack that does involve spoofing; however, it doesn't match the above description.

QUESTION 83

What is an attack whereby two different messages using the same hash function produce a common message digest known as?

A. man in the middle attack.

B. ciphertext only attack.

C. birthday attack.

D. brute force attack.

Explanation:

A birthday attack is based on the principle that amongst 23 people, the probability of 2 of them having the same birthday is greater than 50%. By that rationale, if an attacker examines the hashes of an entire organization's passwords, they'll come up with some common denominators.

QUESTION 84

Which of the following can be deterred against by increasing the keyspace and complexity of a password?

A. dictionary

A brute force attack is when a computer program tries every single keystroke combination until it cracks the password. If you had a bike lock or a briefcase with three combinations of numbers (0-9), there were 999 possible choices, so if you started at 000 and worked your way up you could attempt every number in about 20 minutes and eventually crack the lock. A computer keyboard has millions of possibilities, but since computers can enter thousands and even millions of keys a second, a brute force attack can be successful in a matter of hours. Each keyspace exponentially increases the possible answer choices, so passwords that are extremely short can be cracked within an hour, but passwords beyond eight characters require time and computer resources that are usually beyond a brute force hacker's patience and financial motives.

QUESTION 85

Which type of attack can easily break a user's password if the user uses simple and meaningful things such as pet names or birthdays for their passwords?

A. Dictionary attack

B. Brute Force attack

C. Spoofing attack

D. Random guess attack

E. Man in the middle attack

F. Change list attack

G. Role Based Access Control attack

H. Replay attack

I. Mickey Mouse attack

Answer: A


A dictionary attack is an attack which uses a dictionary of common words to attempt to find the password of a user.

Reference:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 58

QUESTION 86

What should the minimum length of a password be to deter dictionary password cracks?

A dictionary attack is a preliminary brute force attempt at guessing a password. Dictionary attacks work on the principle that most people choose a simple word or phrase as a password. By having a computer try every word or phrase in a dictionary, most passwords can be hacked in a matter of hours. Since passwords become exponentially more difficult to crack with each character, passwords greater than 8 characters consume excessive time and resources to crack.

QUESTION 87

In which of the following does someone use an application to capture and manipulate packets as they are passing through your network?

A. DDoS

The method used in these attacks places a piece of software between a server and the user. The software intercepts and then sends the information to the server. The server responds back to the software, thinking it is the legitimate client. The attacking software then sends this information on to the server, etc. The man in the middle software may be recording this information, altering it, or in some other way compromising the security of your system.

Reference:


QUESTION 88

Which of the following is the best defense against a man in the middle attack?

A. Virtual LAN (Local Area Network)

B. GRE (Generic Route Encapsulation) tunnel IPIP (Internet Protocol-within-Internet Protocol Encapsulation Protocol)

C. PKI (Public Key Infrastructure)

D. Enforcement of badge system

Answer: C

Explanation:

PKI is a two-key system. Messages are encrypted with a public key. Messages are decrypted with a private key. If you want to send an encrypted message to someone, you would request their public key. You would encrypt the message using their public key and send it to them. They would then use their private key to decrypt the message.

Reference:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 331

QUESTION 89

Which of the following is the best defense against man in the middle attacks?

A. A firewall

B. Strong encryption

C. Strong authentication

D. Strong passwords

Answer: B

QUESTION 90

You are the security administrator at Certkiller .com. All Certkiller users have a token and 4-digit personal identification number (PIN) that are used to access their computer systems. The token performs off-line checking for the correct PIN. To which of the following type of attack is Certkiller vulnerable?

A. Birthday B. Brute force

C. Man-in-the-middle D. Smurf

Answer: B

Because the token allows offline checking of the PIN, the cracker can keep trying PINs until it is cracked.

QUESTION 91

What is an attack in which the attacker spoofs the source IP address in an ICMP ECHO broadcast packet so it seems to have originated at the victim's system, in order to flood it with REPLY packets, called?

A. SYN flood attack

B. Smurf attack

C. Ping of Death attack

D. Denial of Service (DOS) Attack

Answer: B

QUESTION 92

Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest?

A. Differential cryptanalysis

B. Differential linear cryptanalysis

C. Birthday attack

D. Statistical attack

Answer: C

A good hashing algorithm should not produce the same hash value for two different messages. If the algorithm does produce the same value for two distinctly different messages, it is referred to as a collision. If an attacker finds an instance of a collision, he has more information to use when trying to break the cryptographic methods used. A complex way of attacking a one-way hash function is called the birthday attack. If an attacker has one hash value and wants to find a message that hashes to the same hash value, this process could take him years. However, if he just wants to find any two messages with the same hashing value, it could take him only a couple hours.
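The arithmetic behind Questions 83 and 92, worked through as an added example (not code from the exam dump or the referenced study guide): the exact probability that n uniformly distributed values out of d possibilities collide, the 23-people/50% figure quoted in Question 83, and the number of hashes needed for a 50% chance of some collision in a b-bit digest. The digest sizes passed to the functions are assumptions chosen for illustration; the formulas themselves are the standard birthday-bound ones.

```python
"""Birthday-bound arithmetic for Questions 83 and 92.

Added example, not part of the original exam dump. Digest sizes used as
inputs are illustrative assumptions.
"""
import math


def collision_probability(n: int, d: int) -> float:
    """P(at least one collision) among n uniform samples from d values.

    Computed exactly in log space as 1 - prod_{k<n} (1 - k/d); with n > d a
    collision is certain (pigeonhole principle).
    """
    if n > d:
        return 1.0
    log_no_collision = 0.0
    for k in range(n):
        log_no_collision += math.log(1 - k / d)
    return 1 - math.exp(log_no_collision)


def samples_for_probability(d: int, p: float = 0.5) -> int:
    """Smallest n with collision_probability(n, d) >= p.

    Starts from the standard approximation n ~ sqrt(2 d ln(1/(1-p))) and,
    for spaces small enough to enumerate, refines it with the exact formula.
    """
    n = math.ceil(math.sqrt(2 * d * math.log(1 / (1 - p))))
    if d <= 1_000_000:  # cheap to verify exactly
        while n > 1 and collision_probability(n - 1, d) >= p:
            n -= 1
        while collision_probability(n, d) < p:
            n += 1
    return n


def attack_work(digest_bits: int) -> dict:
    """Contrast the two cases in Question 92's explanation for a digest of the given size.

    'preimage' is the expected number of hashes to find a message matching
    one given hash value (brute force over the whole space); 'collision' is
    the number of hashes for a 50% chance that *any* two messages collide.
    """
    d = 2 ** digest_bits
    return {"preimage": d, "collision": samples_for_probability(d)}


if __name__ == "__main__":
    print("P(collision) with 22 people:", round(collision_probability(22, 365), 4))
    print("P(collision) with 23 people:", round(collision_probability(23, 365), 4))
    print("people needed for 50%:", samples_for_probability(365))
    for bits in (64, 128):  # illustrative digest sizes
        w = attack_work(bits)
        print(f"{bits}-bit digest: preimage 2^{bits}, collision ~2^{math.log2(w['collision']):.1f}")
```

The collision figure grows as the square root of the digest space, which is why a hash whose preimage search would take "years" can still yield a collision in "hours", exactly the gap the explanation to Question 92 describes.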

QUESTION 93

Which of the following attacks attempts to crack passwords?

A. SMURF

B. Spamming

C. Teardrop

D. Dictionary

Answer: D

Explanation:

A dictionary attack involves trying a list of hundreds or thousands of words that are frequently chosen as passwords against several systems. Although most systems resist such attacks, some do not. In one case, one system in five yielded to a particular dictionary attack.

QUESTION 94

Determine the vulnerability that functions by passing invalid data to a program?

A. You should identify remote code execution.

B. You should identify buffer overflows.

C. You should identify cross-site scripting.

D. You should identify elevation of privileges.

Answer: B

QUESTION 95

As the security administrator you monitor traces from IDS and detect the subsequent data:

Date   Time  Source IP        Destination IP  Port  Type
10/21  0845  192.168.155.28   10.1.20.1       20    SYN
10/21  0850  192.168.155.28   10.1.20.1       21    SYN
10/21  0900  192.168.155.28   10.1.20.1       23    SYN
10/21  0910  192.168.155.28   10.1.20.1       25    SYN

What will occur?

A. A Denial of Service (DoS) will occur.

B. A SYN Flood will occur.

C. A Port scanning will occur.

D. An expected TCP/IP traffic will occur.

Answer: C
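Detection logic run over the trace in Question 95, as an added example (not code from the exam dump): the four rows from the question are embedded as input, together with two constructed contrast traces. The detector separates a slow port scan (several distinct destination ports from one source, low SYN rate, no completed handshake) from a SYN flood (very high SYN rate, typically one port) and from normal traffic. The thresholds, the year used to complete the timestamps, and the contrast traces are assumptions.

```python
"""Port-scan versus SYN-flood classification over IDS trace rows (Question 95).

Added example, not part of the original exam dump. Thresholds, the assumed
year and the two contrast traces are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Rows exactly as given in Question 95: Date Time Source Destination Port Type.
SCAN_TRACE = """\
10/21 0845 192.168.155.28 10.1.20.1 20 SYN
10/21 0850 192.168.155.28 10.1.20.1 21 SYN
10/21 0900 192.168.155.28 10.1.20.1 23 SYN
10/21 0910 192.168.155.28 10.1.20.1 25 SYN
"""

# Constructed contrast: a single handshake that completes.
NORMAL_TRACE = """\
10/21 0845 10.1.20.7 10.1.20.1 80 SYN
10/21 0845 10.1.20.7 10.1.20.1 80 ACK
"""

# Constructed contrast: 300 SYNs to one port within the same minute.
FLOOD_TRACE = "".join("10/21 0845 198.51.100.9 10.1.20.1 80 SYN\n" for _ in range(300))


def parse_trace(text: str, year: int = 2008) -> list[dict]:
    """Parse whitespace-separated rows into event dicts; the trace has no year, so one is assumed."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, time, src, dst, port, kind = line.split()
        ts = datetime.strptime(f"{year}/{date} {time}", "%Y/%m/%d %H%M")
        events.append({"ts": ts, "src": src, "dst": dst, "port": int(port), "type": kind})
    return events


def classify(events: list[dict], min_ports: int = 3, flood_syn_per_min: float = 100.0) -> dict:
    """Return a verdict per (src, dst) pair: 'syn_flood', 'port_scan' or 'normal'."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e)

    verdicts = {}
    for pair, evs in by_pair.items():
        syns = [e for e in evs if e["type"] == "SYN"]
        acks = [e for e in evs if e["type"] == "ACK"]
        if not syns:
            verdicts[pair] = "normal"
            continue
        # Observation window in minutes, never shorter than one minute.
        first = min(e["ts"] for e in syns)
        last = max(e["ts"] for e in syns)
        window_min = max(1.0, (last - first).total_seconds() / 60)
        syn_rate = len(syns) / window_min
        distinct_ports = {e["port"] for e in syns}
        if syn_rate >= flood_syn_per_min:
            # Volume is the signature of a flood, regardless of port spread.
            verdicts[pair] = "syn_flood"
        elif len(distinct_ports) >= min_ports and not acks:
            # Many services probed, slowly, and no handshake ever completed: a scan.
            verdicts[pair] = "port_scan"
        else:
            verdicts[pair] = "normal"
    return verdicts


if __name__ == "__main__":
    for name, trace in (("question 95", SCAN_TRACE), ("normal", NORMAL_TRACE), ("flood", FLOOD_TRACE)):
        print(name, classify(parse_trace(trace)))
```

Note that the trace in the question spreads four probes over 25 minutes; a detector keyed only on SYNs per minute would miss it, which is why the scan rule counts distinct ports per source and destination rather than rate.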

QUESTION 96

Identify the attack that targets a web server if numerous computers send a lot of FIN packets at the same time with spoofed source IP addresses?

A. This attack is known as SYN flood.

B. This attack is known as DDoS.

C. This attack is known as Brute force.

D. This attack is known as XMAS tree scan.

Answer: B

QUESTION 97

What is causing this?

A. This occurred since a user without permission is spoofing internal IP addresses.

B. This occurred since information is accessed by a user from a remote login.

C. This occurred since traffic is routed outside the internal network.

D. This is normal behavior according to the IP RFC.

Answer: A

QUESTION 98

Identify the methods of password guessing that needs the longest attack time?

A. Rainbow needs the longest attack time.

B. Birthday needs the longest attack time.

C. Dictionary needs the longest attack time.

D. Brute force needs the longest attack time.

Answer: D

QUESTION 99

Identify the attack that consists of a PC sending PING packets with destination addresses set to the broadcast address and the source address set to the target PC's IP address?

A. You should identify a Smurf attack.

B. You should identify a XMAS Tree attack.

C. You should identify a Replay attack.

D. You should identify a Fraggle attack.

Answer: A

QUESTION 100

Identify common utilization of Internet-exposed network services?

A. Active content is a common utilization.

B. Illicit servers are a common utilization.

C. Trojan horse programs are a common utilization.

D. Buffer overflows are a common utilization.

Answer: D

QUESTION 101

What results in poor programming techniques and lack of code review?

C. It can result in the Birthday attack.

D. It can result in the Common Gateway Interface (CGI) script attack.

Answer: A

QUESTION 102

Identify a port scanning tool?

A. Nmap is a port scanning tool.

B. Cain & Abel is a port scanning tool.

C. L0phtcrack is a port scanning tool.

D. John the Ripper is a port scanning tool.

Answer: A

QUESTION 103

How can you determine whether the workstations on the internal network are functioning as zombies participating in external DDoS attacks?

A. You should use AV server logs to confirm the suspicion.

B. You should use HIDS logs to confirm the suspicion.

C. You should use Proxy logs to confirm the suspicion.

D. You should use Firewall logs to confirm the suspicion.

Answer: D

QUESTION 104

A computer has been configured to act as a zombie, set to attack a web server on a specific date. What would this contaminated computer be part of?

A. The computer is part of a DDoS attack.

B. The computer is part of a TCP/IP hijacking.

C. The computer is part of a spoofing attack.

D. The computer is part of a man-in-the-middle attack.

Answer: A

QUESTION 105

What is used in a distributed denial of service (DDOS) attack?

A. DDOS makes use of Botnet.

B. DDOS makes use of Phishing.

C. DDOS makes use of Adware.

D. DDOS makes use of Trojan.


QUESTION 106

Identify the attack where the purpose is to stop a workstation or service from functioning?

A. This attack is known as non-repudiation.

B. This attack is known as TCP/IP hijacking.

C. This attack is known as denial of service (DoS).

D. This attack is known as brute force.

Answer: C

QUESTION 107

Which programming mechanism should be used to permit administrative access whilst bypassing the usual access control methods?

A. It is known as a logic bomb.

B. It is known as a back door.

C. It is known as a Trojan horse.

D. It is known as software exploit.

Answer: B

QUESTION 108

Why is certificate expiration important?

A. Renewing the log files will keep it from getting too large.

B. If given sufficient time, brute force techniques will probably break the key.

C. It will use more processing power when the encryption key is used for a long time.

D. It prevents the server from using the identical key for two sessions.

Answer: B

QUESTION 109

It has come to your attention that numerous e-mails are being received from an ex-employee. How can you determine whether the e-mails originated internally?

A. This can be accomplished by viewing the from line of the e-mails.

B. This can be accomplished by reviewing anti-virus logs on the ex-employee's computer.

C. This can be accomplished by replying to the e-mail and checking the destination e-mail address.

D. This can be accomplished by looking at the source IP address in the SMTP header of the e-mails.


QUESTION 110

What is used to verify the equipment status and modify the configuration or settings of network devices?

A. This can be accomplished by using SNMP.

B. This can be accomplished by using SMTP.

C. This can be accomplished by using CHAP.

D. This can be accomplished by using DHCP.

Answer: A

QUESTION 111

Determine the programming method you should use to stop buffer overflow attacks?

A. You should make use of Automatic updates.

B. You should make use of Input validation.

C. You should make use of Signed applets.

D. You should make use of Nested loops.

Answer: B

QUESTION 112

Identify the type of attack that CGI scripts are vulnerable to?

A. It is vulnerable to Buffer overflows.

B. It is vulnerable to Cross site scripting.

C. It is vulnerable to DNS spoofing.

D. It is vulnerable to SQL injection.

Answer: B

QUESTION 113

Which device should you contemplate on choosing in order to protect an internal network segment from traffic external to the segment?

A. You should choose DMZ to provide security to the network segment.

B. You should choose Internet content filter to provide security to the network segment.

C. You should choose NIPS to provide security to the network segment.

D. You should choose HIDS to provide security to the network segment.

Answer: C

QUESTION 114

A. It is known as a Denial of service (DoS).

B. It is known as a Buffer overflow. C. It is known as a Brute force. D. It is known as a Syntax error.

Answer: B

QUESTION 115

Which of the following is an effective method of preventing computer viruses from spreading?

A. Require root/administrator access to run programs.

B. Enable scanning of e-mail attachments.

C. Prevent the execution of .vbs files.

D. Install a host based IDS (Intrusion Detection System)

Answer: B

Explanation:

Viruses get into your computer in one of three ways. They may enter your computer on a contaminated floppy or CD-ROM, through e-mail, or as a part of another program.

Reference:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 76

QUESTION 116

What would a user's best plan of action be on receiving an e-mail message warning of a virus that may have accidentally been sent in the past, and suggesting that the user delete a specific file if it appears on the user's computer?

A. Check for the file and delete it immediately.

B. Check for the file, delete it immediately and copy the e-mail to all distribution lists.

C. Report the contents of the message to the network administrator.

D. Ignore the message. This is a virus hoax and no action is required.

Answer: C

Explanation:

In such a scenario the most rational answer is to tell your network administrator. Most network administrators don't have much to do most of the day, so they live for an opportunity like this.

Incorrect Answers:


Copying the email to all distribution lists, is another mistake, because if indeed the email does contain a virus, you'll only spread it.

Ignoring the message isn't a good option either: although virus hoaxes are common, all it takes is one real virus to cause a mini-disaster.

QUESTION 117

What should a network administrator's first course of action be on receiving an e-mail alerting him to the presence of a virus on the system if a specific executable file exists?

A. Investigate the e-mail as a possible hoax with a reputable anti-virus vendor.

B. Immediately search for and delete the file if discovered.

C. Broadcast a message to the entire organization to alert users to the presence of a virus.

D. Locate and download a patch to repair the file.

Answer: A

Explanation:

If a virus threat is for real, the major anti-virus players like Symantec, McAfee, or Sophos will know about it before you, and they will have details on their sites.

Incorrect answers:

Searching for and deleting a file is not only a waste of time with today's complex OS directory structures, but it's also ineffective. One can miss a file, the file could be hidden, the wrong file can be deleted, and worst of all: when you delete a file it doesn't really get completely deleted; instead it gets sent to a 'recycle bin.'

Broadcasting an alert and creating panic isn't the right thing to do, because it will waste bandwidth, and perhaps terrorizing the users is the original intent of the attack.

The act of locating and downloading a patch isn't just time consuming, but there's a chance that the patch itself could be the virus, or the process of resetting the computer could activate the virus.

QUESTION 118

Which of the following is the major difference between a worm and a Trojan horse?

A. Worms are spread via e-mail while Trojan horses are not.

B. Worms are self replicating while Trojan horses are not.

C. Worms are a form of malicious code while Trojan horses are not.

D. There is no difference.

Answer: B

Explanation:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, pp 83, 85

QUESTION 119

Which of the following can distribute itself without using a host file?

A. Virus.
B. Trojan horse.
C. Logic bomb.
D. Worm.

Answer: D

Explanation:

Worms are dangerous because they can enter a system by exploiting a 'hole' in an operating system. They don't need a host file, and they don't need any user intervention to replicate themselves. Some infamous worms were: Morris, Badtrans, Nimda, and Code Red.

QUESTION 120

What type of program will record system keystrokes in a text file and e-mail it to the author, and will also delete system logs every five days or whenever a backup is performed?

A. Virus.
B. Back door.
C. Logic bomb.
D. Worm.

Answer: C

Explanation:

A logic bomb is a special kind of virus or Trojan horse that is set to go off after a preset time interval, or after a preset combination of keystrokes. Some unethical advertisers use logic bombs to deliver the right pop-up advertisement following a keystroke, and some disgruntled employees set up logic bombs to sabotage their company's computers if they feel termination is imminent.

QUESTION 121

The system administrator of the company has resigned. When the administrator's user ID is deleted, the system suddenly begins deleting files. What type of malicious code is this?

A. Logic bomb
B. Virus

D. Worm

Answer: A

QUESTION 122

What is an application that appears to perform a useful function but instead contains some sort of malicious code called?

A. Worm
B. SYN flood
C. Virus
D. Trojan Horse
E. Logic Bomb

Answer: D

Explanation:

A Trojan horse attaches itself to another file, such as a word processing document. Trojan horses may also arrive as part of an e-mail offering a free game, software, or other file. When the Trojan horse activates and performs its task, it infects all of the word processing or template files. Consequently, every new file will carry the Trojan horse. The Trojan horse may not be visible because it masks itself inside a legitimate program.

Reference:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 80

QUESTION 123

What is a piece of code that appears to do something useful while performing a harmful and unexpected function like stealing passwords called?

A. Virus
B. Logic bomb
C. Worm
D. Trojan horse

Answer: D

Explanation:

Trojan horses are programs that enter a system or network under the guise of another program. A Trojan horse may be included as an attachment or as part of an installation program. The Trojan horse could create a back door or replace a valid program during installation. The Trojan program would then accomplish its mission under the guise of another program. Trojan horses can be used to compromise the security of your system, and they can exist on a system for years before they are detected.
